McAfee MOVE Agentless 3.0 VSEL 1.9 for SVA STIG

U_McAfee_MOVE3_0_Agentless_VSEL_for_SVA_V1R3_Manual-xccdf.xml

The McAfee MOVE 2.6 Multi-Platform Client STIG is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the NIST 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]

Details

Version / Release: V1R3

Published: 2014-05-08

Updated At: 2018-09-23 04:06:06

| Rule | Version | CCI | Severity | Title | Description | Responsibility |
| SV-56764r1_rule | DTAVSEL-109 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 Web UI must be disabled. | If the Web UI were left enabled, the system on which the VSEL has been installed would be vulnerable to Web attacks. Disabling the Web UI will prevent the system from listening on HTTP. | System Administrator |
| SV-61873r1_rule | DTAVSEL-001 | CCI-001240 | HIGH | The antivirus signature file age must not exceed 7 days. | Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. By configuring a system to attempt an antivirus update on a daily basis, the system is ensured of maintaining an antivirus signature age of 7 days or less. If the update attempt were to be configured for only once a week, and that attempt failed, the system would be immediately out of date. | System Administrator |
| SV-61875r1_rule | DTAVSEL-002 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 must be configured to receive automatic signature updates. | Antivirus signature files are updated almost daily by antivirus software vendors. These files are made available to antivirus clients as they are published. Keeping virus signature files as current as possible is vital to the security of any system. The antivirus software product must be configured to receive those updates automatically in order to afford the expected protection. | System Administrator |
| SV-61877r1_rule | DTAVSEL-003 | CCI-001240 | HIGH | The McAfee VirusScan Enterprise for Linux 1.9.0 must be configured to enable On-Access scanning. | For antivirus software to be effective, it must be running at all times, beginning from the point of the system's initial startup. Otherwise, the risk is greater for viruses, Trojans, and other malware infecting the system during that startup phase. | System Administrator |
| SV-61881r1_rule | DTAVSEL-004 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to decompress archives when scanning. | Malware is often packaged within an archive. In addition, archives may have other archives within. Not scanning archive files introduces the risk of infected files being introduced into the environment. | System Administrator |
| SV-61893r1_rule | DTAVSEL-005 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to find unknown program viruses. | Due to the ability of malware to mutate after infection, standard antivirus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will share unique characteristics with others in their virus family. By using a generic signature to detect the shared characteristics, using wildcards where differences lie, the generic signature can detect viruses even if they are padded with extra, meaningless code. This method of detection is Heuristic detection. | System Administrator |
| SV-61913r1_rule | DTAVSEL-006 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to find unknown macro viruses. | Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. Scanning for unknown macro viruses will mitigate zero-day attacks. | System Administrator |
| SV-61915r1_rule | DTAVSEL-007 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to find potentially unwanted programs. | Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infection capability on their own, they rely on malware or other attack mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attack mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously. | System Administrator |
| SV-61917r1_rule | DTAVSEL-008 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to scan files when being written to disk. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are written to disk is a crucial first line of defense from malware attacks. | System Administrator |
| SV-61919r1_rule | DTAVSEL-009 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to scan files when being read from disk. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks. | System Administrator |
| SV-61921r1_rule | DTAVSEL-010 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware. | System Administrator |
| SV-61923r1_rule | DTAVSEL-011 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner maximum scan time must not be less than 45 seconds. | When antivirus software is not configured to limit the amount of time spent trying to scan a file, the total effectiveness of the antivirus software, and performance on the system being scanned, will be degraded. By limiting the amount of time the antivirus software uses when scanning a file, the scan will be able to complete in a timely manner. | System Administrator |
| SV-61925r1_rule | DTAVSEL-012 | CCI-001242 | MEDIUM | Any paths and files excluded by the McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be formally documented with, and approved by, the IAO/IAM. | When scanning for malware, excluding specific files will increase the risk of a malware-infected file going undetected. By configuring antivirus software without any exclusions, the scanner has a higher success rate at detecting and eradicating malware. | System Administrator |
| SV-61927r1_rule | DTAVSEL-013 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to Clean infected files automatically as first action when a virus or Trojan is detected. | Malware may have infected a file that is necessary to the user. By configuring the antivirus software to first attempt cleaning the infected file, availability to the file is not sacrificed. If a cleaning attempt is not successful, however, deleting the file is the only safe option to ensure the malware is not introduced onto the system or network. | System Administrator |
| SV-61929r1_rule | DTAVSEL-014 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to Move infected files to the quarantine directory if first action fails when a virus or Trojan is detected. | Malware may have infected a file that is necessary to the user. By configuring the antivirus software to first attempt cleaning the infected file, availability to the file is not sacrificed. If a cleaning attempt is not successful, however, deleting the file is the only safe option to ensure the malware is not introduced onto the system or network. | System Administrator |
| SV-61933r1_rule | DTAVSEL-015 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infection capability on their own, they rely on malware or other attack mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attack mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously. | System Administrator |
| SV-61935r1_rule | DTAVSEL-016 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found. | Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infection capability on their own, they rely on malware or other attack mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attack mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously. | System Administrator |
| SV-61939r1_rule | DTAVSEL-017 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to deny access to the file if scanning fails. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks. | System Administrator |
| SV-61949r1_rule | DTAVSEL-018 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On-Access scanner must be configured to allow access to files if scanning times out. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks. | System Administrator |
| SV-61961r1_rule | DTAVSEL-100 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 must be configured to run a scheduled On Demand scan at least once a week. | Antivirus software is the most commonly used technical control for malware threat mitigation. Real-time scanning of files as they are read from disk is a crucial first line of defense from malware attacks, but to ensure all files are frequently scanned, a regularly scheduled full scan will ensure malware missed by the real-time scanning will be detected and mitigated. | System Administrator |
| SV-61963r1_rule | DTAVSEL-102 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to find unknown program viruses. | Due to the ability of malware to mutate after infection, standard antivirus signatures may not be able to catch new strains or variants of the malware. Typically, these strains and variants will share unique characteristics with others in their virus family. By using a generic signature to detect the shared characteristics, using wildcards where differences lie, the generic signature can detect viruses even if they are padded with extra, meaningless code. This method of detection is Heuristic detection. | System Administrator |
| SV-61965r1_rule | DTAVSEL-103 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to find unknown macro viruses. | Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. Scanning for unknown macro viruses will mitigate zero-day attacks. | System Administrator |
| SV-61967r1_rule | DTAVSEL-104 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to find potentially unwanted programs. | Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infection capability on their own, they rely on malware or other attack mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attack mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously. | System Administrator |
| SV-61969r1_rule | DTAVSEL-105 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to scan all file types. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware. | System Administrator |
| SV-61977r1_rule | DTAVSEL-106 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to Clean infected files automatically as first action for when Viruses and Trojans are found. | Malware may have infected a file that is necessary to the user. By configuring the antivirus software to first attempt cleaning the infected file, availability to the file is not sacrificed. If a cleaning attempt is not successful, however, deleting the file is the only safe option to ensure the malware is not introduced onto the system or network. | System Administrator |
| SV-61985r1_rule | DTAVSEL-107 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to Move infected files to the quarantine directory if first action fails for when Viruses and Trojans are found. | Malware may have infected a file that is necessary to the user. By configuring the antivirus software to first attempt cleaning the infected file, availability to the file is not sacrificed. If a cleaning attempt is not successful, however, deleting the file is the only safe option to ensure the malware is not introduced onto the system or network. | System Administrator |
| SV-61991r1_rule | DTAVSEL-108 | CCI-001242 | MEDIUM | Any paths and files excluded by the McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be documented with, and approved by, the IAO/IAM. | When scanning for malware, excluding specific files will increase the risk of a malware-infected file going undetected. By configuring antivirus software without any exclusions, the scanner has a higher success rate at detecting and eradicating malware. | System Administrator |
| SV-62001r1_rule | DTAVSEL-110 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to Clean infected files automatically as first action when programs and jokes are found. | Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infection capability on their own, they rely on malware or other attack mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attack mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously. | System Administrator |
| SV-62005r1_rule | DTAVSEL-111 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found. | Potentially Unwanted Programs (PUPs) include Spyware, Adware, Remote Administration Tools, Dialers, Password Crackers, Jokes, and Key Loggers. While PUPs do not typically have any infection capability on their own, they rely on malware or other attack mechanisms to be installed onto target hosts, after which they will collect and transfer data from the host to an external host and/or will be used as attack mechanisms. Configuring the antivirus software to attempt to clean the file first will allow for the possibility of a false positive. In most cases, however, the secondary action of delete will be used, mitigating the risk of the PUPs being installed and used maliciously. | System Administrator |
| SV-62011r1_rule | DTAVSEL-113 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to include all local drives and their sub-directories. | When scanning for malware, excluding specific file types will increase the risk of a malware-infected file going undetected. By configuring antivirus software to scan all file types, the scanner has a higher success rate at detecting and eradicating malware. | System Administrator |
| SV-62149r1_rule | DTAVSEL-101 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to decompress archives when scanning. | Malware is often packaged within an archive. In addition, archives might have other archives within. Not scanning archive files introduces the risk of infected files being introduced into the environment. | System Administrator |
| SV-62151r1_rule | DTAVSEL-112 | CCI-001242 | MEDIUM | The McAfee VirusScan Enterprise for Linux 1.9.0 On Demand scanner must be configured to decode MIME encoded files. | Malware is often packaged within an archive. In addition, archives might have other archives within. Not scanning archive files introduces the risk of infected files being introduced into the environment. | System Administrator |